Social sites such as Facebook and MySpace are a big hit nowadays; not just with the young generation but with people of all ages. It’s an amazing platform for people to connect but it certainly isn’t without its dangers.

As with all things in life, there are dangers and then there are dangers. Recently I was faced with some of the worst dangers that these social sites can generate.

The Perils of Social Networking Love

A friend of mine who knows that my line of work involves internet security came to me with a problem she faced. A friend of hers met a guy from a different country on one of these social networks and fell in love with him over time. It might be important to note that it was the guy who initiated the contact. That’s generally great; however, my friend is afraid that he may be trying to play her friend and after hearing the story I think she is quite right to be worried, so much so that I believe it’s even worse than what she was initially suspecting.

The first red flag was raised when this guy said that he really wants to meet her but unfortunately needs a large sum of money in order to get a visa to visit the country. Classic dating scam. Luckily the sum which he said he needed was so large that she couldn’t afford it, because if she did it is quite likely that she would have sent it over without a second thought.  As if that wasn’t enough proof of this person’s malicious intent, another girl contacted my friend’s friend and told her about her bad experience with this person and cautioned her to be careful. However, when confronted with this information, the potentially malicious person said that he used to date the girl who had contacted her but had left her a while ago and now she just wants revenge. The girl believed his story even in light of the earlier scam attempt.

However what really got me worried was what came next. This guy suggested that they should meet in a different country and get married there. The biggest problem here is that, as far as I could tell from my research, the country which he suggested and the home country of this girl has the same exact same visa requirements. Actually the country which he suggested requires extra monetary guaranties that he would need to fulfill, which he wouldn’t need to for a visa in the girl’s country of residence. What’s a lot worse is that the country which he suggested is pretty well known for human trafficking.

And this had a profound effect on me because the first thing that went through my mind is one of the first things that you’re taught in security i.e. never think that it cannot happen to you. I honestly admit that my first thought was that it couldn’t possibly be that bad, I was just being paranoid.  But then my security instinct kicked in and I decided that it’s better to be safe than sorry so I told my friend what I was suspecting – that this guy tried to scam the girl, but because she wasn’t rich enough to satisfy his scam, he might be going to plan B which is to try to sell her instead. I didn’t take this decision lightly; I know my friend came to me to ease her worry primarily and I was about to make it a lot worse but I dreaded the consequences which would be a lot worse, if it turned out that I wasn’t being paranoid after all.

After a lot of effort we managed to convince the girl not to travel to meet him, however she still insists that he is genuine. Yes, she still thinks that she wasn’t being scammed when he asked her for money.

Protecting yourself against social engineering scams

That’s my story so far, so now let’s concentrate on the essence of it. Even if this was all a misunderstanding the risk is real. Social networking is always a great tool for social engineers. Knowledge is power and this is especially true when it comes to social engineering. The more the social engineer knows about his victim, the more likely he is to be successful in his schemes. I am generally against monitoring and restricting but stories like this make me stop and think whether it is the right thing to do after all.

What if this sort of thing were to happen to my children? What if s/he falls in love with a person of malicious intent? We all know how dangerous strong emotions can be, trying to save her/him once s/he is deeply in love will be impossible and the more you try to do to convince her/him of the mistakes s/he might be doing, the more likely it is  to drive him/her away. What’s worse is that even if you manage to expose the scam the emotional impact will certainly be devastating at this stage. On the other hand the only other option would be to switch to a 1984 state of affairs and rigorously monitor any and all communications. Both are obviously wrong.

And this is not just for your household; the same applies to the workplace. Over monitoring your network will have detrimental effects on the employees’ morale, and might even be illegal in some cases. However even if it were legal, would you want to monitor your employees’ communication on social sites? What about private emails? The obvious, safer solution is to disallow these sites however this will have a detrimental effect on morale too.

I guess in both personal and professional scenarios your best bet would be education. Although it will not be 100% effective, some people claim that it’s not effective at all, it will hopefully make people question such events if they are aware of the risks. On the other hand, in cases such as a dating scam, the request for money will happen when it’s too late, as the person will already be too hooked to second guess anything so education is unlikely to work here.

Who’s really lurking behind that profile page?

The dating scam is just one of the scams that are happening via social networking. I have heard on a first hand basis of people being scammed for many things. Malicious people making friends with victims and after a while say that they have to drop out of school because they can’t afford it. In some cases the victims themselves offer to help out financially and are thus scammed of their hard earned cash without  even having to be asked to hand over money. At the end of the day social networking is a haven for con artists. Con artists can befriend their victims very safely. You become friends to a profile in essence and there is no guarantee that the profile has any truth to it whatsoever. If a con artist is patient he can build a good trust relationship and then spring any number of traps – from fake lucrative investment schemes to a great opportunity that cannot be passed by.

Finally I caution you to not make the classic mistake of thinking that this could never happen to you or your loved ones. I urge you to always be on guard. Furthermore it might be a good idea to warn friends and family about the dangers of social networking. When I explained the dating scam/human trafficking risk to my friend her answer was, ‘I didn’t know that this happens on the internet’ which is a common and ultimately understandable stance. People who aren’t in IT wouldn’t automatically think of these issues unless they experience them firsthand and by then it will be too late.

What do you think? I would love this to turn into a debate on the different views regarding social networking. Which method would you choose to protect yourself and others, both at home and professionally? Do you think that the blocking option is the right way to go? Monitoring perhaps? Or do you believe that education is effective enough to be the only safety mechanism in place?